An Inspirational Mentor Story of Gina Yacone — Denver Metropolitan Area

Gina is the Information Security Official for TRACE3’s mountain state region, and is based out of Denver, Colorado. Gina is tasked with developing and implementing internal cyber security processes and solutions for her region. Additionally, she works closely with TRACE3’s Security Solutions Leadership Team to develop the customer facing go-to-market strategies for security solutions and customer success.

Gina is an information security strategist and speaker with a unique technical vision and business acumen. She is responsible for educating client-organizations about the ever-changing cybersecurity landscape and helping them build a dynamic cybersecurity and privacy programs. She loves focusing on the unique challenges today’s organizations face and communicating TRACE3’s value proposition to varying technical and non-technical clients

Gina has built an extensive track record of success delivering the vision, key leadership, and strategies to take IT performance and security to new levels of performance.

Gina is a designated CompTIA Subject Matter Expert and holds certifications from ISACA as a Certified Data Privacy Solution Engineer (CDPSE), (ISC) 2 as a Systems Security Certified Practitioner, CompTIA in Security Plus (Sec+), as well as the Health Information Trust Alliance (HITRUST) as a Certified CSF Practitioner (CCSFP) and a Certified HITRUST Quality Professional (CHQP). Gina is a Rotarian and an active member of the Information Systems Security Association (ISSA), InfraGard, and regularly participates in DEFCON and other local hacker meetups. Gina sits on the board for Tweens & Technology.

Prior to her work in information security, Gina was a licensed private investigator for Barry A. Cohen, P.A., in Tampa, FL. While there, she specialized in high-profile, complex litigation. Gina holds a bachelor’s degree in political science from the University of Miami, Miami, FL., and is pursuing her master’s degree in cybersecurity from the University of New Hampshire

What do you like the most in Cybersecurity field?

Working on the unique challenges today’s organizations face. I love educating organizations about the ever-changing cybersecurity landscape and helping them build a dynamic cybersecurity and privacy programs. I find it so rewarding to watch my client’s security posture mature over time. It is the best feeling to feel like you have a true partnership with your clients and you have built a great trust relationship.

Cybersecurity moves quickly. So, I learn something new daily. I spend a few hours a week researching new cybersecurity threats and trends. Every morning, I listen to a 5–10-minute daily cybersecurity podcast from SANS Institute called the StormCast and other relevant podcasts. Additionally, I look at cybersecurity news from trusted sources like InfraGard. Cybersecurity allows me to be a forever learner.

How did you get into Cybersecurity and what do you enjoy most as a mentor in Cybersecurity?

I was introduced to a technology recruiter who told me to look into being a cybersecurity professional. He stated that there were not enough women in the industry, and he thought I could be a trailblazer. My goal is that I make him proud, and I hope to become a trailblazer to the future women in our industry.

A personal goal of mine is to help organizations and communities of interest (COIs) to create meaningful diversity of thought in their cybersecurity workforce.

How much time do you commit for mentoring, do you need to set aside anytime for preparation and how you manage it with your other priorities?

At least once a quarter, I spend time one-on-one time with one person to roadmap their goals. I may help the mentee with their resume, their branding, their study strategies, interview help, etc. It can be very hard to manage more than one mentee at a time because of my work and school priorities. Two years ago, I took on helping too many mentees and I realized was not providing the greatest value to each of them because I spread myself too thin. So, I had to step back and decide to only focus on one request per quarter.

Leadership

Did you help upscale your mentee’s softer skills and has it helped the mentee in her Cybersecurity Career?

I work with my mentee a lot about personal branding. The first obstacle that we normally face is have the mentee really think what they want to do in their career. It sounds easy, but it is not. There may be short terms goals and long term goals that need to be considered. Mentee really need to think about their timeline, career develop goals, and how they want the world perceive them through platforms like LinkedIn and Twitter.

Describe your leadership style. How does this influence your approach for mentoring?

I strive to be a transformational leader, and many have stated that I have a coaching style of leadership because I try to have people consider different ways to approach an obstacles and love saying, “you should consider” to help mentee think outside the box. I think every person can be coached, but sometimes timing is not there. The mentee needs to put in the effort.

What advise you will give for aspiring mentors & mentees?

Network, network, network! Go to conferences, connect with people on social media, join cybersecurity professional organizations. Not only can your network can be vital to your professional success, but it also helps you stay up-to-date on industry trends and new technology.

Challenges

Cybersecurity is a vast field; how do you cope with situation when broad goals are set by mentees?

Most mentees start too broad with their requests. For example, I get a lot of questions that state, “how do I get into cybersecurity.” Well, cybersecurity is broad. When I get that question, it raises a red flag. It means that the mentee has not researched enough the industry, and are not sure if they even have a passion for cybersecurity or what their “why” statement is.

If I see this, I direct mentees to watch cybersecurity training videos to see what part of cybersecurity is most exciting and interesting to them. For example, maybe they would best relate to identity and access management, cloud architecture, incident response, application security, technical testing, or awareness training. There are so many different paths, so we need to narrow down the specialisation to create a more intentful roadmap. .

Recommendations

Would you like to advise or recommend any Cybersecurity mentoring program which mentees should join?

Yes, networking is so important. I direct my mentees to Meetup.com to see what local cybersecurity groups are close to their home. If none are around, women should check out these organizations, all of with have a mentoring and training component: Women in CyberSecurity (WiCyS), Women’s Society of Cyberjutsu (WSC), Women In Cloud (WIC), The SANS Women’s Immersion Academy, CybHER, International Consortium of Minority Cybersecurity Professionals (ICMCP), The Diana Initiative, International Association of Privacy Professionals (IAPP) Women Leading Privacy, Women in Technology (WIT), Women in Security and Privacy (WISP), Uniting Women in Cyber (UWIC), and InfosecGirls

Fun Question :)

If you have magic band with one wish, how you will use it for Cybersecurity and why?

“Communication is the central nervous system of the technical workplace.” — unknown.

If I had one wish, it would be to help improving communication and information sharing across verticals. All organizations need to embrace a security-first culture to aid their organization’s attitudes, knowledge, and values with respect to cybersecurity.